Validate the receipt type before passing it on to the receipt handler

author: Kegan Dougal <kegan@matrix.org> 2015-10-01 14:01:52 +0100
committer: Kegan Dougal <kegan@matrix.org> 2015-10-01 14:01:52 +0100
commit: bad780a19705cbffcdd181d3ffc81f10980ed109 (patch)
tree: e7a468daa9cd6253cc0d2e56b42168eaffbad609 /synapse/rest/client
parent: Don't change cwd in synctl (diff)
download: synapse-bad780a19705cbffcdd181d3ffc81f10980ed109.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/synapse/rest/client/v2_alpha/receipts.py b/synapse/rest/client/v2_alpha/receipts.py
index 52e99f54d5..b107b7ce17 100644
--- a/synapse/rest/client/v2_alpha/receipts.py
+++ b/synapse/rest/client/v2_alpha/receipts.py
@@ -15,6 +15,7 @@
 
 from twisted.internet import defer
 
+from synapse.api.errors import SynapseError
 from synapse.http.servlet import RestServlet
 from ._base import client_v2_pattern
 
@@ -41,6 +42,9 @@ class ReceiptRestServlet(RestServlet):
     def on_POST(self, request, room_id, receipt_type, event_id):
         user, _ = yield self.auth.get_user_by_req(request)
 
+        if receipt_type != "m.read":
+            raise SynapseError(400, "Receipt type must be 'm.read'")
+
         yield self.receipts_handler.received_client_receipt(
             room_id,
             receipt_type,
author	Kegan Dougal <kegan@matrix.org>	2015-10-01 14:01:52 +0100
committer	Kegan Dougal <kegan@matrix.org>	2015-10-01 14:01:52 +0100
commit	bad780a19705cbffcdd181d3ffc81f10980ed109 (patch)
tree	e7a468daa9cd6253cc0d2e56b42168eaffbad609 /synapse/rest/client
parent	Don't change cwd in synctl (diff)
download	synapse-bad780a19705cbffcdd181d3ffc81f10980ed109.tar.xz